<?php
    include 'sqlconnect.php';
    session_start();
    if(isset($_POST["username"])&&isset($_POST["password"])){
        $username=$_POST["username"];
        $password=$_POST["password"];
        if(mysqli_fetch_array(mysqli_query($conn,"SELECT * FROM staff WHERE username='$username'"))){//如果用户名存在
            if(mysqli_fetch_array(mysqli_query($conn,"SELECT * FROM staff WHERE username='$username' and password='$password'"))){
                //用户名和密码都匹配 跳转页面
                $result=mysqli_query($conn,"SELECT idposition FROM staff WHERE username='$username'");
                while($row=mysqli_fetch_array($result)){
                        $_SESSION['islogined']=1;
                        $_SESSION['username']=$username;
                        $_SESSION['idposition']=$row["idposition"];
                        $_COOKIE['username']=$username;
                        header("location:./Home.php");
                } 
            }
            else{
                //密码不正确
                setcookie("username", $username, time()+3600);
                setcookie("isPassword",1, time()+3600);
                header("location:./Login.php");
            }
        }
        else{
            //账户不存在
            setcookie("username", $username, time()+3600);
            setcookie("isUsername",1, time()+3600);
            //echo $_SESSION["username"];
            header("location:./Login.php");
        }
    }
    else{
        setcookie("isPassword",2,time()+3600);
    }
    
?>